5 answers

1 accepted

You can't, and this seems like a very dangerous idea. Membership in a group is a global concept, so it does not make sense to let a project administrator add users to global groups that could also escalate that user's privileges in another project. It would take a lot of discipline to make certain that each group you allowed this for was only used in a certain project or group of projects with similar access requirements.

It sounds like the existing Project Roles are closer to what you want here, as this allows you to grant project-scoped access to individual users.

If that does not meet your needs, then you might want to watch https://jira.atlassian.com/browse/JRA-3156. While there are several other issues related to the concept of a "limited administrator", JRA-3156 is where we are coordinating the plan to address that general category of concerns.

Well, this wouldnt work for us, as we use JIRA to control application access to a whole suite of development tools: confluence, bamboo and stash.

So we need to use groups, that are properly nested into categories of developers etc. Otherwise it will be a lot of maintenance for our project managers to have to sync lists of users across the different applications!

What we are looking for is how to empower our PM's to add/remove users from groups.

This suggests that what you really need to do is use LDAP to control group membership in all of these applications and manage them through the LDAP server.

JIRA is not really intended to be an LDAP administration tool. To the extent that it can write to the LDAP directory, this is a global permission because group membership is a global concept. JIRA cannot "know" that you are choosing to follow a particular convention in how you assign the global groups to individual projects.

While this certainly sounds like a good idea, for JIRA to "understand" that this is what you are doing would require explicit support for the concept, and JIRA does not currently have that.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.